Re: [CVE-2014-0109] qt4-x11_4.6.3-4+squeeze3_CVE-2014-0190

To: ies <iesdebian@gmail.com>
Cc: debian-lts@lists.debian.org
Subject: Re: [CVE-2014-0109] qt4-x11_4.6.3-4+squeeze3_CVE-2014-0190
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 24 Feb 2015 17:40:05 +0100
Message-id: <[🔎] 20150224164005.GB31485@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, ies <iesdebian@gmail.com>, debian-lts@lists.debian.org
In-reply-to: <54ca4d0c.4696420a.0f32.4d29@mx.google.com>
References: <54ca4d0c.4696420a.0f32.4d29@mx.google.com>

Hello ies,

I just stumbled upon the fact that in dla-needed.txt you are
still marked as working on preparing a qt4-x11 update but it looks
like you did not make any progress recently.

On Thu, 29 Jan 2015, ies wrote:
> I have just fixed the CVE for the qt4-x11 of the minor security issue.
> 
> Please help me to review and give some feedback if you found.

The patch you posted here is for a CVE marked as no-dsa so one of the
"ignorable" issues. By claiming the update, you should usually at least
fix the important CVE which are not tagged "no-dsa". In this case, it
means this one:
https://security-tracker.debian.org/tracker/CVE-2013-0254

For now, I have unclaimed the item but you should be free to claim
it back if you plan to fix the above.

Also as Moritz already pointed it out, we prefer that people disclose
their real identity when contributing to Debian. It's easier to
trust you when you don't hide behind a pseudonym.

Thank you!
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to:

Prev by Date: Re: squeeze update of phpmyadmin?
Next by Date: Re: Bug#773834: Preparing a release for stable and lts
Previous by thread: Bug#779104: debian-security-support: Please mark piwigo as not supported in squeeze
Next by thread: Re: Bug#773834: Preparing a release for stable and lts
Index(es):
- Date
- Thread